Implement LBP1 tags, stricter resource checking, and more (#463)

* Add LBP1 tags, more strict resource checking, and more. * Fix unit tests * Add more length checking to dependency parser * Online editor problems * Fix tests pt 2 * Self code review and fixed digest bugs * Don't add content length if it was already set * Fix status endpoint * Fix review bug and simplify review serialization * Fix a typo in review serialization * Remove duplicated code and fix search * Remove duplicate database call
2025-08-10 22:08:39 +00:00 · 2022-08-31 20:38:58 -05:00 · 2022-08-31 20:38:58 -05:00 · d640c000aa
commit d640c000aa
parent 58c340aff8
32 changed files with 735 additions and 209 deletions
--- a/ProjectLighthouse.Servers.GameServer/Startup/GameServerStartup.cs
+++ b/ProjectLighthouse.Servers.GameServer/Startup/GameServerStartup.cs
@ -1,4 +1,3 @@
-using System.IO.Compression;
 using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Helpers;
 using LBPUnion.ProjectLighthouse.Logging;
@ -76,17 +75,30 @@ public class GameServerStartup
                // Client digest check.
                if (!context.Request.Cookies.TryGetValue("MM_AUTH", out string? authCookie) || authCookie == null) authCookie = string.Empty;
                string digestPath = context.Request.Path;
+                #if !DEBUG
+                const string url = "/LITTLEBIGPLANETPS3_XML";
+                string strippedPath = digestPath.Contains(url) ? digestPath[url.Length..] : "";
+                #endif
                Stream body = context.Request.Body;

                bool usedAlternateDigestKey = false;

                if (computeDigests && digestPath.StartsWith("/LITTLEBIGPLANETPS3_XML"))
                {
-                    string clientRequestDigest = await CryptoHelper.ComputeDigest
-                        (digestPath, authCookie, body, ServerConfiguration.Instance.DigestKey.PrimaryDigestKey);
+                    // The game sets X-Digest-B on a resource upload instead of X-Digest-A
+                    string digestHeaderKey = "X-Digest-A";
+                    bool excludeBodyFromDigest = false;
+                    if (digestPath.Contains("/upload/"))
+                    {
+                        digestHeaderKey = "X-Digest-B";
+                        excludeBodyFromDigest = true;
+                    }

-                    // Check the digest we've just calculated against the X-Digest-A header if the game set the header. They should match.
-                    if (context.Request.Headers.TryGetValue("X-Digest-A", out StringValues sentDigest))
+                    string clientRequestDigest = await CryptoHelper.ComputeDigest
+                        (digestPath, authCookie, body, ServerConfiguration.Instance.DigestKey.PrimaryDigestKey, excludeBodyFromDigest);
+
+                    // Check the digest we've just calculated against the digest header if the game set the header. They should match.
+                    if (context.Request.Headers.TryGetValue(digestHeaderKey, out StringValues sentDigest))
                    {
                        if (clientRequestDigest != sentDigest)
                        {
@ -97,7 +109,7 @@ public class GameServerStartup
                            body.Position = 0;

                            clientRequestDigest = await CryptoHelper.ComputeDigest
-                                (digestPath, authCookie, body, ServerConfiguration.Instance.DigestKey.AlternateDigestKey);
+                                (digestPath, authCookie, body, ServerConfiguration.Instance.DigestKey.AlternateDigestKey, excludeBodyFromDigest);
                            if (clientRequestDigest != sentDigest)
                            {
                                #if DEBUG
@ -108,11 +120,20 @@ public class GameServerStartup
                                #endif
                                // We still failed to validate. Abort the request.
                                context.Response.StatusCode = 403;
-                                context.Abort();
                                return;
                            }
                        }
                    }
+                    #if !DEBUG
+                    // The game doesn't start sending digests until after the announcement so if it's not one of those requests
+                    // and it doesn't include a digest we need to reject the request 
+                    else if (!ServerStatics.IsUnitTesting && !strippedPath.Equals("/login") && !strippedPath.Equals("/eula") 
+                             && !strippedPath.Equals("/announce") && !strippedPath.Equals("/status"))
+                    {
+                        context.Response.StatusCode = 403;
+                        return;
+                    }
+                    #endif

                    context.Response.Headers.Add("X-Digest-B", clientRequestDigest);
                    context.Request.Body.Position = 0;
@ -140,6 +161,10 @@ public class GameServerStartup
                    context.Response.Headers.Add("X-Digest-A", serverDigest);
                }

+                // Add a content-length header if it isn't present to disable response chunking
+                if(!context.Response.Headers.ContainsKey("Content-Length"))
+                    context.Response.Headers.Add("Content-Length", responseBuffer.Length.ToString());
+
                // Copy the buffered response to the actual response stream.
                responseBuffer.Position = 0;
                await responseBuffer.CopyToAsync(oldResponseStream);
@ -175,4 +200,4 @@ public class GameServerStartup
        app.UseEndpoints(endpoints => endpoints.MapControllers());
        app.UseEndpoints(endpoints => endpoints.MapRazorPages());
    }
-}
+}